Should I be Worried About Remote Management?

Everybody is looking for ways to increase efficiency and trim expenses nowadays. Your company’s channel partner is no exception.

With that objective in mind, most partners have adopted a support model through which they remotely access computers and other devices on your network when those devices need service, or in some cases merely threatening to need service. Doing it this way eliminates the need for trained personnel to climb into a truck, sit at numerous red lights, spill their coffee, and then repeat the process in the opposite direction after fixing whatever part of your IT infrastructure was green-about-the-gills.

Occasionally, customers express some concern about allowing any kind of third party company to tap into their networks from remote locations and do heaven-knows-what. Yes, we can always get the stated objective of the virtual visit, but it nonetheless begs the question of what else might have been done while they were in there. Meanwhile, the more frugal side of that same suspicious brain is generally relieved that the company doesn’t have to fork over the bucks necessary to have somebody drive out to their office.

So if you’re waiting for me to tell you in no uncertain terms that you can always rely on support teams to be fine, upstanding business people who would never even considering swiping a single bit of data that didn’t belong to them, I’m not going to do that.

But neither am I going to say that delivering the keys to the IT castle is the wrong thing to do in all cases.

That’s because this is one of those IT choices that transcends the quantitative dollar evaluation, and has a lot more to do with the qualitative element of trust. Who exactly are these people who want invisible access to your network? Have you worked with them before? If so, how long? Under what circumstances do they want permission to log onto your network? Will they notify you when they do? Will there be an objective way to determine where they have been and what they have done? What applications will they be able to access? Will this be done by people you are comfortable with, or might this be outsourced? What has the channel company done to minimize risks of hacking and other malfeasance?

Expect your channel partner to shift uncomfortably in their chairs when this part of the discussion is happening. Nobody enjoys fielding questions like these. Nonetheless, they are important for you to know, and it is also good for the partner to think about these potential issues too. It will raise their awareness, remind them of the importance of security, and generally remind them to keep their eyes open.

On the other side of the coin, it’s also possible that if you had your own in-house IT staff, some of those same problems could occur. “Inside jobs” obviously happen too, so outsourcing this to a trusted partner is not necessarily more risky than any other alternatives at hand.

But ask anyway. It might not be the most socially comfortable moment in your life. But if anything ever does go wrong, questions about the screening process, and the fact that you inquired into these matters could work at least somewhat in your favor when your bosses are trying to figure out what happened and who is responsible.

I routinely remotely go into clients servers to help sort out a computer problem even though I'm their website developer (often, I'm the only geek they can think of in a panic). All know me & most have worked with me for years.
I recommend to all of them that they use 3rd party software password protection and encryption on sensitive files. That way if there is a temptation to steal, chances are good the average thief won't be able to access the data.
I also recommend password protecting & encrypting Outlook .pst files.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.